ID: 14897
Comment by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Open
Bug Type: Program Execution
Operating System: Windows 2000
PHP Version: 4.1.1
New Comment:
re enable access to cmd.exe for php:
if you are using IIS, then PHP will be run using the IWAM_<machinename>
account. so you would have to set the right for cmd.exe to include this
account.
if you are using a different web server, then I have no idea what
account would need access to cmd.exe
re stopping php from prepending "cmd /c ":
not that I know of, and hence the bug report that I posted requesting
the developers changing it.
Previous Comments:
------------------------------------------------------------------------
[2002-01-21 06:32:42] [EMAIL PROTECTED]
Is there a way to enable access to cmd.exe so that it is only available
to php.exe?
Or a way of stopping php prepending "cmd.exe /c " in front of any calls
to exec?
thanks.
------------------------------------------------------------------------
[2002-01-17 19:40:26] [EMAIL PROTECTED]
this is a suggestion to the developers to do, because the only way for
a script writer to solve this is to enabled access to cmd.exe which
many would perfer to not have to do.
------------------------------------------------------------------------
[2002-01-17 05:56:27] [EMAIL PROTECTED]
clarification: is this a suggestion of a way to fix the problem myself
(so I can call programs), or a suggestion to the developers?
------------------------------------------------------------------------
[2002-01-06 22:00:12] [EMAIL PROTECTED]
in 4.0.6, popen() would just call CreateProcess() with the specified
command.
this was ok.
in 4.1.0 popen() now prepends "cmd.exe /c " (or "command.com /c " on
win9x).
the problem with this, is that many web admins will disable access for
the web apps to access cmd.exe (eg, MS's IISLockDown does this), and
hence even though the web app may have access to c:\utils\myapp.exe, a
command like exec("c:\utils\myapp.exe") now fails on 4.1.0 but works on
on 4.0.6.
also, the hardcoding of cmd.exe should not be done. it should get it
from the enviroment.
summary:
have commands that prepend the result of an enviroment lookup on
"%comspec% /c " to the front of a command
AND
have commands that dont, so that I can call exec("c:\utils\myapp.exe");
without having to enable access to cmd.exe
OR
any interpretation of these issues, that allow for a sensible amount of
flexibilty.
Louis Solomon
www.SteelBytes.com
------------------------------------------------------------------------
Edit this bug report at http://bugs.php.net/?id=14897&edit=1
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
